| ftpd.8 (25283) | ftpd.8 (31329) |
|---|---|
| 1.\" Copyright (c) 1985, 1988, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. --- 16 unchanged lines hidden (view full) --- 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94 | 1.\" Copyright (c) 1985, 1988, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. --- 16 unchanged lines hidden (view full) --- 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94 |
| 33.\" $Id: ftpd.8,v 1.17 1997/04/27 08:29:21 davidn Exp $ | 33.\" $Id: ftpd.8,v 1.18 1997/04/29 12:42:07 davidn Exp $ |
| 34.\" 35.Dd April 19, 1994 36.Dt FTPD 8 37.Os BSD 4.2 38.Sh NAME 39.Nm ftpd 40.Nd 41Internet File Transfer Protocol server --- 16 unchanged lines hidden (view full) --- 58.Tn TCP 59protocol 60and listens at the port specified in the 61.Dq ftp 62service specification; see 63.Xr services 5 . 64.Pp 65Available options: | 34.\" 35.Dd April 19, 1994 36.Dt FTPD 8 37.Os BSD 4.2 38.Sh NAME 39.Nm ftpd 40.Nd 41Internet File Transfer Protocol server --- 16 unchanged lines hidden (view full) --- 58.Tn TCP 59protocol 60and listens at the port specified in the 61.Dq ftp 62service specification; see 63.Xr services 5 . 64.Pp 65Available options: |
| 66.Bl -tag -width Ds | 66.Bl -tag -width indent |
| 67.It Fl d 68Debugging information is written to the syslog using LOG_FTP. 69.It Fl l 70Each successful and failed 71.Xr ftp 1 72session is logged using syslog with a facility of LOG_FTP. 73If this option is specified twice, the retrieve (get), store (put), append, 74delete, make directory, remove directory and rename operations and 75their filename arguments are also logged. Note: LOG_FTP messages 76are not displayed by 77.Xr syslogd 8 78by default, and may have to be enabled in 79.Xr syslogd 8 Ns 's 80configuration file. 81.It Fl D 82With this option set, | 67.It Fl d 68Debugging information is written to the syslog using LOG_FTP. 69.It Fl l 70Each successful and failed 71.Xr ftp 1 72session is logged using syslog with a facility of LOG_FTP. 73If this option is specified twice, the retrieve (get), store (put), append, 74delete, make directory, remove directory and rename operations and 75their filename arguments are also logged. Note: LOG_FTP messages 76are not displayed by 77.Xr syslogd 8 78by default, and may have to be enabled in 79.Xr syslogd 8 Ns 's 80configuration file. 81.It Fl D 82With this option set, |
| 83.Nm ftpd | 83.Nm |
| 84will detach and become a daemon, accepting connections on the FTP port and 85forking children processes to handle them. This is lower overhead than 86starting | 84will detach and become a daemon, accepting connections on the FTP port and 85forking children processes to handle them. This is lower overhead than 86starting |
| 87.Nm ftpd | 87.Nm |
| 88from 89.Xr inetd 8 90and is thus useful on busy servers to reduce load. 91.It Fl R 92With this option set, | 88from 89.Xr inetd 8 90and is thus useful on busy servers to reduce load. 91.It Fl R 92With this option set, |
| 93.Nm ftpd | 93.Nm |
| 94will revert to historical behavior with regard to security checks on 95user operations and restrictions on PORT requests. 96Currently, | 94will revert to historical behavior with regard to security checks on 95user operations and restrictions on PORT requests. 96Currently, |
| 97.Nm ftpd | 97.Nm |
| 98will only honor PORT commands directed to unprivileged ports on the 99remote user's host (which violates the FTP protocol specification but 100closes some security holes). | 98will only honor PORT commands directed to unprivileged ports on the 99remote user's host (which violates the FTP protocol specification but 100closes some security holes). |
| 101. | |
| 102.It Fl S 103With this option set, | 101.It Fl S 102With this option set, |
| 104.Nm ftpd | 103.Nm |
| 105logs all anonymous transfers to the file 106.Pa /var/log/ftpd 107when this file exists. | 104logs all anonymous transfers to the file 105.Pa /var/log/ftpd 106when this file exists. |
| 108. | |
| 109.It Fl U 110In previous versions of | 107.It Fl U 108In previous versions of |
| 111.Nm ftpd , | 109.Nm Ns , |
| 112when a passive mode client requested a data connection to the server, 113the server would use data ports in the range 1024..4999. Now, by default, 114the server will use data ports in the range 40000..44999. Specifying this 115option will revert to the old behavior. 116.It Fl T 117A client may also request a different timeout period; 118the maximum period allowed may be set to 119.Ar timeout --- 11 unchanged lines hidden (view full) --- 131is specified, accept connections only on the specified 132.Ar address . 133.It Fl p 134When 135.Fl D 136is specified, write the daemon's process ID to 137.Ar file . 138.It Fl A | 110when a passive mode client requested a data connection to the server, 111the server would use data ports in the range 1024..4999. Now, by default, 112the server will use data ports in the range 40000..44999. Specifying this 113option will revert to the old behavior. 114.It Fl T 115A client may also request a different timeout period; 116the maximum period allowed may be set to 117.Ar timeout --- 11 unchanged lines hidden (view full) --- 129is specified, accept connections only on the specified 130.Ar address . 131.It Fl p 132When 133.Fl D 134is specified, write the daemon's process ID to 135.Ar file . 136.It Fl A |
| 139Allow only anonymous ftp access | 137Allow only anonymous ftp access. |
| 140.El 141.Pp 142The file 143.Pa /etc/nologin 144can be used to disable ftp access. 145If the file exists, 146.Nm 147displays it and exits. --- 8 unchanged lines hidden (view full) --- 156.Pa /etc/ftpmotd 157exists, 158.Nm 159prints it after a successful login. 160.Pp 161The ftp server currently supports the following ftp requests. 162The case of the requests is ignored. 163.Bl -column "Request" -offset indent | 138.El 139.Pp 140The file 141.Pa /etc/nologin 142can be used to disable ftp access. 143If the file exists, 144.Nm 145displays it and exits. --- 8 unchanged lines hidden (view full) --- 154.Pa /etc/ftpmotd 155exists, 156.Nm 157prints it after a successful login. 158.Pp 159The ftp server currently supports the following ftp requests. 160The case of the requests is ignored. 161.Bl -column "Request" -offset indent |
| 164.It Request Ta "Description" | 162.It Sy Request Ta Sy "Description" |
| 165.It ABOR Ta "abort previous command" 166.It ACCT Ta "specify account (ignored)" 167.It ALLO Ta "allocate storage (vacuously)" 168.It APPE Ta "append to a file" 169.It CDUP Ta "change to parent of current working directory" 170.It CWD Ta "change working directory" 171.It DELE Ta "delete a file" 172.It HELP Ta "give help information" --- 35 unchanged lines hidden (view full) --- 208by the 209SITE request. 210.Pp 211.Bl -column Request -offset indent 212.It Sy Request Ta Sy Description 213.It UMASK Ta change umask, e.g. ``SITE UMASK 002'' 214.It IDLE Ta set idle-timer, e.g. ``SITE IDLE 60'' 215.It CHMOD Ta change mode of a file, e.g. ``SITE CHMOD 755 filename'' | 163.It ABOR Ta "abort previous command" 164.It ACCT Ta "specify account (ignored)" 165.It ALLO Ta "allocate storage (vacuously)" 166.It APPE Ta "append to a file" 167.It CDUP Ta "change to parent of current working directory" 168.It CWD Ta "change working directory" 169.It DELE Ta "delete a file" 170.It HELP Ta "give help information" --- 35 unchanged lines hidden (view full) --- 206by the 207SITE request. 208.Pp 209.Bl -column Request -offset indent 210.It Sy Request Ta Sy Description 211.It UMASK Ta change umask, e.g. ``SITE UMASK 002'' 212.It IDLE Ta set idle-timer, e.g. ``SITE IDLE 60'' 213.It CHMOD Ta change mode of a file, e.g. ``SITE CHMOD 755 filename'' |
| 216.It HELP Ta give help information. | 214.It HELP Ta give help information |
| 217.El 218.Pp 219The remaining ftp requests specified in Internet RFC 959 220are 221recognized, but not implemented. 222MDTM and SIZE are not specified in RFC 959, but will appear in the 223next updated FTP RFC. 224.Pp --- 77 unchanged lines hidden (view full) --- 302to log in by specifying any password (by convention an email address for 303the user should be used as the password). 304When the 305.Fl S 306option is set, all transfers are logged as well. 307.El 308.Pp 309In the last case, | 215.El 216.Pp 217The remaining ftp requests specified in Internet RFC 959 218are 219recognized, but not implemented. 220MDTM and SIZE are not specified in RFC 959, but will appear in the 221next updated FTP RFC. 222.Pp --- 77 unchanged lines hidden (view full) --- 300to log in by specifying any password (by convention an email address for 301the user should be used as the password). 302When the 303.Fl S 304option is set, all transfers are logged as well. 305.El 306.Pp 307In the last case, |
| 310.Nm ftpd | 308.Nm |
| 311takes special measures to restrict the client's access privileges. 312The server performs a 313.Xr chroot 2 314to the home directory of the 315.Dq ftp 316user. 317In order that system security is not breached, it is recommended 318that the --- 34 unchanged lines hidden (view full) --- 353Make this directory mode 777 and owned by 354.Dq ftp . 355Guests 356can then place files which are to be accessible via the anonymous 357account in this directory. 358.El 359.Pp 360If the system has multiple IP addresses, | 309takes special measures to restrict the client's access privileges. 310The server performs a 311.Xr chroot 2 312to the home directory of the 313.Dq ftp 314user. 315In order that system security is not breached, it is recommended 316that the --- 34 unchanged lines hidden (view full) --- 351Make this directory mode 777 and owned by 352.Dq ftp . 353Guests 354can then place files which are to be accessible via the anonymous 355account in this directory. 356.El 357.Pp 358If the system has multiple IP addresses, |
| 361.Nm ftpd | 359.Nm |
| 362supports the idea of virtual hosts, which provides the ability to 363define multiple anonymous ftp areas, each one allocated to a different 364internet address. 365The file 366.Pa /etc/ftphosts 367contains information pertaining to each of the virtual hosts. 368Each host is defined on its own line which contains a number of 369fields separated by whitespace: --- 30 unchanged lines hidden (view full) --- 400value is to be used. 401.Pp 402As with any anonymous login configuration, due care must be given 403to setup and maintenance to guard against security related problems. 404.Pp 405If compiled with the 406.Em INTERNAL_LS 407option, | 360supports the idea of virtual hosts, which provides the ability to 361define multiple anonymous ftp areas, each one allocated to a different 362internet address. 363The file 364.Pa /etc/ftphosts 365contains information pertaining to each of the virtual hosts. 366Each host is defined on its own line which contains a number of 367fields separated by whitespace: --- 30 unchanged lines hidden (view full) --- 398value is to be used. 399.Pp 400As with any anonymous login configuration, due care must be given 401to setup and maintenance to guard against security related problems. 402.Pp 403If compiled with the 404.Em INTERNAL_LS 405option, |
| 408.Nm ftpd | 406.Nm |
| 409will have internal support for handling remote requests to list 410files, and will not execute 411.Pa /bin/ls 412in either a chrooted or non-chrooted environment. 413In this case, the 414.Pa ~/bin/ls 415executable need not be placed into the chrooted tree, nor need the 416.Pa ~/bin --- 40 unchanged lines hidden --- | 407will have internal support for handling remote requests to list 408files, and will not execute 409.Pa /bin/ls 410in either a chrooted or non-chrooted environment. 411In this case, the 412.Pa ~/bin/ls 413executable need not be placed into the chrooted tree, nor need the 414.Pa ~/bin --- 40 unchanged lines hidden --- |